a Q regarding guest users and ISE


I configure ISE to redirect the guest users toward the Guest portal and everything works fine. but at the end, ISE adds the guest's MAC address to the local DB and the second time the same person wants to access the network, its MAC address matches an authorization rule that I had created for known clients. 

how can prevent ISE from adding MAC addresses of guest users automatically to the internal MAB DB?  


  • Hi guys; the new year holidays are over. [:P] isn't there anybody here to take a look at my problem? I appreciate any reply.

  • due to the lack of the response here, I'm going to post my own answer here that I found by myself. hope this help someone else who needs this.

    I was using a very comprehensive rule that matched most of the conditions. So I added a static EndPoint Group and placed my manually created known MAC addresses inside that group and edited the condition part of the "Basic_Authenticated_Access" authz rule to contain just that EndPoint Identity Group. this time, every time a guest user wants to access the network, he goes through the whole process as expected. 

Sign In or Register to comment.